From 6da465ce37d737951fe61e32327002e0bf1a1aa1 Mon Sep 17 00:00:00 2001
From: Joey Hess <joeyh@joeyh.name>
Date: Wed, 25 Jan 2017 15:21:19 -0400
Subject: todo

---
 TODO | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

diff --git a/TODO b/TODO
index 18426bf..c018dc8 100644
--- a/TODO
+++ b/TODO
@@ -2,6 +2,20 @@ Soon:
 
 * Finish vetting 2 servers to Recommended.
 * Set up --check-servers in a cron job, so I know when servers are down.
+* Remove gpg key passohrase from gpg keys that keysafe backs up.
+  The reason for this is that the user may well forget their gpg key
+  passphrase, and it's *weird* to restore a key with keysafe's password
+  and then have it passphrase protected.
+  The gpg key passphrase is intended only to keep a key from being used
+  for a short period of time (a week or so) when the device holding it 
+  is known to have been compromised, so the key can be revoked.
+  This doesn't really apply to keys backed up with keysafe -- if they get
+  compromised somehow, the user won't know, and cracking the gpg passphrase
+  should be almost trivial to an attacker who was able to break keysafe's
+  password.
+  paperkey can remove gpg key passphrases. Is there any better way?
+  It might make sense for keysafe to prompt for a new gpg passphrase
+  when restoring.
 
 Later:
 
-- 
cgit v1.2.3